From 839d88fa0ae608b36c195493840ceaa8c51f05ff Mon Sep 17 00:00:00 2001 From: Bernd Storath <999999bst@gmail.com> Date: Wed, 18 Feb 2026 09:05:17 +0100 Subject: [PATCH] fix formatting, fix types --- src/app/stores/global.ts | 9 ++++++--- src/server/api/admin/interface/index.post.ts | 4 +++- .../database/repositories/interface/service.ts | 14 ++++++++++++++ src/server/utils/WireGuard.ts | 6 ++---- src/server/utils/firewall.ts | 15 ++++++++++++--- 5 files changed, 37 insertions(+), 11 deletions(-) diff --git a/src/app/stores/global.ts b/src/app/stores/global.ts index f0a12de4..aa28ca13 100644 --- a/src/app/stores/global.ts +++ b/src/app/stores/global.ts @@ -1,7 +1,10 @@ export const useGlobalStore = defineStore('Global', () => { - const { data: information, refresh: refreshInformation } = useFetch('/api/information', { - method: 'get', - }); + const { data: information, refresh: refreshInformation } = useFetch( + '/api/information', + { + method: 'get', + } + ); const sortClient = ref(true); // Sort clients by name, true = asc, false = desc diff --git a/src/server/api/admin/interface/index.post.ts b/src/server/api/admin/interface/index.post.ts index 7225abb1..6fe10d62 100644 --- a/src/server/api/admin/interface/index.post.ts +++ b/src/server/api/admin/interface/index.post.ts @@ -14,7 +14,9 @@ export default definePermissionEventHandler( // Clear cache to force fresh check firewall.clearAvailabilityCache(); - const iptablesAvailable = await firewall.isAvailable(!WG_ENV.DISABLE_IPV6); + const iptablesAvailable = await firewall.isAvailable( + !WG_ENV.DISABLE_IPV6 + ); if (!iptablesAvailable) { const requiredTools = WG_ENV.DISABLE_IPV6 ? 'iptables' diff --git a/src/server/database/repositories/interface/service.ts b/src/server/database/repositories/interface/service.ts index ac191975..4c0d0b42 100644 --- a/src/server/database/repositories/interface/service.ts +++ b/src/server/database/repositories/interface/service.ts @@ -18,6 +18,13 @@ function createPreparedStatement(db: DBType) { }) .where(eq(wgInterface.name, sql.placeholder('interface'))) .prepare(), + setFirewallEnabled: db + .update(wgInterface) + .set({ + firewallEnabled: sql.placeholder('firewallEnabled') as never as boolean, + }) + .where(eq(wgInterface.name, sql.placeholder('interface'))) + .prepare(), }; } @@ -56,6 +63,13 @@ export class InterfaceService { .execute(); } + setFirewallEnabled(firewallEnabled: boolean) { + return this.#statements.setFirewallEnabled.execute({ + interface: 'wg0', + firewallEnabled, + }); + } + updateCidr(data: InterfaceCidrUpdateType) { return this.#db.transaction(async (tx) => { const oldCidr = await tx.query.wgInterface diff --git a/src/server/utils/WireGuard.ts b/src/server/utils/WireGuard.ts index d21a3c7f..52a8cea4 100644 --- a/src/server/utils/WireGuard.ts +++ b/src/server/utils/WireGuard.ts @@ -270,13 +270,11 @@ class WireGuard { const enableIpv6 = !WG_ENV.DISABLE_IPV6; const iptablesAvailable = await firewall.isAvailable(enableIpv6); if (!iptablesAvailable) { - const requiredTools = enableIpv6 - ? 'iptables/ip6tables' - : 'iptables'; + const requiredTools = enableIpv6 ? 'iptables/ip6tables' : 'iptables'; console.warn( `WARNING: Per-Client Firewall is enabled but ${requiredTools} is not available. Disabling firewall feature. Please install ${requiredTools} to use this feature.` ); - await Database.interfaces.update({ firewallEnabled: false }); + await Database.interfaces.setFirewallEnabled(false); wgInterface.firewallEnabled = false; // Update local copy } } diff --git a/src/server/utils/firewall.ts b/src/server/utils/firewall.ts index 26cff0e5..686df6ad 100644 --- a/src/server/utils/firewall.ts +++ b/src/server/utils/firewall.ts @@ -1,7 +1,6 @@ import debug from 'debug'; import { isIPv6 } from 'is-ip'; -import type { ClientType } from '#db/repositories/client/types'; import type { InterfaceType } from '#db/repositories/interface/types'; import type { UserConfigType } from '#db/repositories/userConfig/types'; @@ -21,6 +20,16 @@ type ParsedEntry = { proto?: 'tcp' | 'udp' | 'both'; }; +type FirewallClient = { + id: number; + name: string; + ipv4Address: string; + ipv6Address: string; + firewallIps: string[] | null; + allowedIps: string[] | null; + enabled: boolean; +}; + /** * Sanitize a client identifier for use in an iptables comment. * Strips all characters except ASCII alphanumeric, space, underscore, hyphen, and dot. @@ -184,7 +193,7 @@ export const firewall = { * Apply firewall rules for a single client */ async applyClientRules( - client: ClientType, + client: FirewallClient, defaultAllowedIps: string[], enableIpv6: boolean ): Promise { @@ -227,7 +236,7 @@ export const firewall = { */ async rebuildRules( wgInterface: InterfaceType, - clients: ClientType[], + clients: FirewallClient[], userConfig: UserConfigType, enableIpv6: boolean ): Promise {